Assuming you're emailing someone that's an Office 365 customer, it's
largely dependent on the receiving tenant's spam filtering configuration
within O365 spam settings and Defender. Exchange Online itself does not
outright reject SPF failure unless a customer has configured it to do so.
- Mark Alley
On 5/23/2023 8:35 AM, Benoit Panizzon via mailop wrote:
Hi List
I'm surprised...
six-group.com is the biggest payment platform in Switzerland. Of course
they use SPF to protect their domain from being abused by phishers.
It looks like GV0CHE01FT013.mail.protection.outlook.com is happily
accepting phishing emails which, according to SPF should get rejected.
six-group.com descriptive text "v=spf1 mx include:285283.spf01.hubspotemail.net
include:spf.protection.outlook.com a:prodmail33a.sapsf.eu a:prodmail33b.sapsf.eu
a:prodmail33c.sapsf.eu a:prodmail33d.sapsf.eu ip4:130.214.193.81 a:smtp.cetrel.lu
-all"
https://www.spf-record.de/spf-lookup/six-group.com?ip=157.161.4.123
Connected to *****.mail.protection.outlook.com.
Escape character is '^]'.
220 GV0CHE01FT013.mail.protection.outlook.com Microsoft ESMTP MAIL Service
ready at Tue, 23 May 2023 13:30:12 +0000
ehlo example.com
250-GV0CHE01FT013.mail.protection.outlook.com Hello [157.161.4.123]
# (yes, my actual IP)
250-SIZE 157286400
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 SMTPUTF8
mail from:<i-am-a-ph...@six-group.com>
250 2.1.0 Sender OK
rcpt to:<info@*****>
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
PhsihPhishPhish
.
250
2.6.0<1596b267-85c2-4695-80cb-4c354a335...@gv0che01ft013.eop-che01.prod.protection.outlook.com>
[InternalId=139006616572402, Hostname=ZRAP278MB0141.CHEP278.PROD.OUTLOOK.COM] 7400
bytes in 0.087, 82.746 KB/sec Queued mail for delivery
WTF!
Mit freundlichen Grüssen
-Benoît Panizzon-
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
